{ "$schema": "http://cyclonedx.org/schema/bom-1.6.schema.json", "bomFormat": "CycloneDX", "specVersion": "1.6", "serialNumber": "urn:uuid:0414a2f4-73fc-57cf-a9f8-cba65a6b3d3e", "version": 1, "metadata": { "tools": [ { "name": "tuxcare-vex-generator", "version": "1.0.0" } ] }, "components": [ { "bom-ref": "pkg:maven/org.springframework/spring-core@5.3.37-tuxcare.5", "type": "library", "group": "org.springframework", "name": "spring-core", "version": "5.3.37-tuxcare.5", "purl": "pkg:maven/org.springframework/spring-core@5.3.37-tuxcare.5" } ], "vulnerabilities": [ { "bom-ref": "urn:uuid:e08c48c2-b32e-5ba0-8a74-a43d9f94a112", "id": "CVE-2016-1000027", "analysis": { "state": "exploitable", "detail": "Vulnerability CVE-2016-1000027 affects version 5.3.37-tuxcare.5 of org.springframework:spring-core." }, "affects": [ { "ref": "pkg:maven/org.springframework/spring-core@5.3.37-tuxcare.5" } ] }, { "bom-ref": "urn:uuid:8b1d1039-839d-59a2-8760-1a1fe3e5c788", "id": "CVE-2024-38808", "analysis": { "state": "resolved", "detail": "Vulnerability CVE-2024-38808 is fixed in version 5.3.37-tuxcare.5 of org.springframework:spring-core." }, "affects": [ { "ref": "pkg:maven/org.springframework/spring-core@5.3.37-tuxcare.5" } ] }, { "bom-ref": "urn:uuid:d01189df-63af-5fd5-a748-0ea81fb3e90e", "id": "CVE-2024-38809", "analysis": { "state": "resolved", "detail": "Vulnerability CVE-2024-38809 is fixed in version 5.3.37-tuxcare.5 of org.springframework:spring-core." }, "affects": [ { "ref": "pkg:maven/org.springframework/spring-core@5.3.37-tuxcare.5" } ] }, { "bom-ref": "urn:uuid:74413e33-f9c4-53b0-8155-faf1e0745de8", "id": "CVE-2024-38816", "analysis": { "state": "resolved", "detail": "Vulnerability CVE-2024-38816 is fixed in version 5.3.37-tuxcare.5 of org.springframework:spring-core." }, "affects": [ { "ref": "pkg:maven/org.springframework/spring-core@5.3.37-tuxcare.5" } ] }, { "bom-ref": "urn:uuid:28b2f93f-848b-5488-8d3a-bbd6beec62ae", "id": "CVE-2024-38819", "analysis": { "state": "exploitable", "detail": "Vulnerability CVE-2024-38819 affects version 5.3.37-tuxcare.5 of org.springframework:spring-core." }, "affects": [ { "ref": "pkg:maven/org.springframework/spring-core@5.3.37-tuxcare.5" } ] }, { "bom-ref": "urn:uuid:7b54d0a7-fd4f-57b7-b2b9-70a8b188fca8", "id": "CVE-2024-38820", "analysis": { "state": "resolved", "detail": "Vulnerability CVE-2024-38820 is fixed in version 5.3.37-tuxcare.5 of org.springframework:spring-core." }, "affects": [ { "ref": "pkg:maven/org.springframework/spring-core@5.3.37-tuxcare.5" } ] }, { "bom-ref": "urn:uuid:8ee26471-d198-5b55-b6c3-6df3459e309c", "id": "CVE-2024-38828", "analysis": { "state": "exploitable", "detail": "Vulnerability CVE-2024-38828 affects version 5.3.37-tuxcare.5 of org.springframework:spring-core." }, "affects": [ { "ref": "pkg:maven/org.springframework/spring-core@5.3.37-tuxcare.5" } ] }, { "bom-ref": "urn:uuid:bab26314-2005-5a45-95ae-424576a8997f", "id": "CVE-2025-22233", "analysis": { "state": "resolved", "detail": "Vulnerability CVE-2025-22233 is fixed in version 5.3.37-tuxcare.5 of org.springframework:spring-core." }, "affects": [ { "ref": "pkg:maven/org.springframework/spring-core@5.3.37-tuxcare.5" } ] }, { "bom-ref": "urn:uuid:14fa9a3a-beba-5856-a284-703887964d76", "id": "CVE-2025-41242", "analysis": { "state": "exploitable", "detail": "Vulnerability CVE-2025-41242 affects version 5.3.37-tuxcare.5 of org.springframework:spring-core." }, "affects": [ { "ref": "pkg:maven/org.springframework/spring-core@5.3.37-tuxcare.5" } ] }, { "bom-ref": "urn:uuid:b09df324-92b7-5f9f-837d-bd1bd60fe5b3", "id": "CVE-2025-41249", "analysis": { "state": "resolved", "detail": "Vulnerability CVE-2025-41249 is fixed in version 5.3.37-tuxcare.5 of org.springframework:spring-core." }, "affects": [ { "ref": "pkg:maven/org.springframework/spring-core@5.3.37-tuxcare.5" } ] }, { "bom-ref": "urn:uuid:ee183157-cce5-59d6-8a23-d41a96622330", "id": "CVE-2025-41254", "analysis": { "state": "exploitable", "detail": "Vulnerability CVE-2025-41254 affects version 5.3.37-tuxcare.5 of org.springframework:spring-core." }, "affects": [ { "ref": "pkg:maven/org.springframework/spring-core@5.3.37-tuxcare.5" } ] }, { "bom-ref": "urn:uuid:45027251-7f5f-52d3-9adc-37bb20dd3e09", "id": "CVE-2026-22735", "analysis": { "state": "resolved", "detail": "Vulnerability CVE-2026-22735 is fixed in version 5.3.37-tuxcare.5 of org.springframework:spring-core." }, "affects": [ { "ref": "pkg:maven/org.springframework/spring-core@5.3.37-tuxcare.5" } ] }, { "bom-ref": "urn:uuid:65e38eb9-b7ec-51da-a00b-8b60e0bfaadd", "id": "CVE-2026-22737", "analysis": { "state": "exploitable", "detail": "Vulnerability CVE-2026-22737 affects version 5.3.37-tuxcare.5 of org.springframework:spring-core." }, "affects": [ { "ref": "pkg:maven/org.springframework/spring-core@5.3.37-tuxcare.5" } ] }, { "bom-ref": "urn:uuid:0a07128f-ccdb-5c07-b022-0a5cb6ad2fe0", "id": "CVE-2026-22740", "analysis": { "state": "resolved", "detail": "Vulnerability CVE-2026-22740 is fixed in version 5.3.37-tuxcare.5 of org.springframework:spring-core." }, "affects": [ { "ref": "pkg:maven/org.springframework/spring-core@5.3.37-tuxcare.5" } ] }, { "bom-ref": "urn:uuid:30940ec4-a1fc-5fdb-be6c-c31d72233d1c", "id": "CVE-2026-22741", "analysis": { "state": "exploitable", "detail": "Vulnerability CVE-2026-22741 affects version 5.3.37-tuxcare.5 of org.springframework:spring-core." }, "affects": [ { "ref": "pkg:maven/org.springframework/spring-core@5.3.37-tuxcare.5" } ] }, { "bom-ref": "urn:uuid:7f294190-8683-548c-9b27-b294fa5a47e5", "id": "CVE-2026-22745", "analysis": { "state": "exploitable", "detail": "Vulnerability CVE-2026-22745 affects version 5.3.37-tuxcare.5 of org.springframework:spring-core." }, "affects": [ { "ref": "pkg:maven/org.springframework/spring-core@5.3.37-tuxcare.5" } ] }, { "bom-ref": "urn:uuid:a7997799-81c4-595c-9b49-c870a3cc4505", "id": "CVE-2026-41838", "analysis": { "state": "exploitable", "detail": "Vulnerability CVE-2026-41838 affects version 5.3.37-tuxcare.5 of org.springframework:spring-core." }, "affects": [ { "ref": "pkg:maven/org.springframework/spring-core@5.3.37-tuxcare.5" } ] }, { "bom-ref": "urn:uuid:2b95833c-2056-5029-940b-4fba79ac56d8", "id": "CVE-2026-41839", "analysis": { "state": "exploitable", "detail": "Vulnerability CVE-2026-41839 affects version 5.3.37-tuxcare.5 of org.springframework:spring-core." }, "affects": [ { "ref": "pkg:maven/org.springframework/spring-core@5.3.37-tuxcare.5" } ] }, { "bom-ref": "urn:uuid:af2bcb3b-8e7e-5e34-96d1-2c26cb181d33", "id": "CVE-2026-41840", "analysis": { "state": "not_affected", "detail": "Vulnerability CVE-2026-41840 does not affect version 5.3.37-tuxcare.5 of org.springframework:spring-core. already_fixed \u2014 The target repository (Spring Framework 5.3.37-tuxcare.6) already contains both fixes for CVE-2026-41840. The fixes were backported on June 8, 2026 via commit 648b33d0a3 as part of CVE-2026-22740 remediation, which addresses the same multipart memory leak vulnerability." }, "affects": [ { "ref": "pkg:maven/org.springframework/spring-core@5.3.37-tuxcare.5" } ] }, { "bom-ref": "urn:uuid:99a1e52a-b442-5c5e-b57f-1cb916cdbab9", "id": "CVE-2026-41841", "analysis": { "state": "exploitable", "detail": "Vulnerability CVE-2026-41841 affects version 5.3.37-tuxcare.5 of org.springframework:spring-core." }, "affects": [ { "ref": "pkg:maven/org.springframework/spring-core@5.3.37-tuxcare.5" } ] }, { "bom-ref": "urn:uuid:42d0b926-03e5-561a-9551-741ad17824fe", "id": "CVE-2026-41842", "analysis": { "state": "exploitable", "detail": "Vulnerability CVE-2026-41842 affects version 5.3.37-tuxcare.5 of org.springframework:spring-core." }, "affects": [ { "ref": "pkg:maven/org.springframework/spring-core@5.3.37-tuxcare.5" } ] }, { "bom-ref": "urn:uuid:a3edaf93-0fa4-5470-83d4-0a66fb246f86", "id": "CVE-2026-41843", "analysis": { "state": "exploitable", "detail": "Vulnerability CVE-2026-41843 affects version 5.3.37-tuxcare.5 of org.springframework:spring-core." }, "affects": [ { "ref": "pkg:maven/org.springframework/spring-core@5.3.37-tuxcare.5" } ] }, { "bom-ref": "urn:uuid:2956b266-759f-5aa3-9215-2290fd770b43", "id": "CVE-2026-41844", "analysis": { "state": "exploitable", "detail": "Vulnerability CVE-2026-41844 affects version 5.3.37-tuxcare.5 of org.springframework:spring-core." }, "affects": [ { "ref": "pkg:maven/org.springframework/spring-core@5.3.37-tuxcare.5" } ] }, { "bom-ref": "urn:uuid:7148c7ab-e9b8-5fc8-a842-e918783ed524", "id": "CVE-2026-41845", "analysis": { "state": "exploitable", "detail": "Vulnerability CVE-2026-41845 affects version 5.3.37-tuxcare.5 of org.springframework:spring-core." }, "affects": [ { "ref": "pkg:maven/org.springframework/spring-core@5.3.37-tuxcare.5" } ] }, { "bom-ref": "urn:uuid:00f7d477-4a3a-562e-b646-11626eeb59d9", "id": "CVE-2026-41846", "analysis": { "state": "exploitable", "detail": "Vulnerability CVE-2026-41846 affects version 5.3.37-tuxcare.5 of org.springframework:spring-core." }, "affects": [ { "ref": "pkg:maven/org.springframework/spring-core@5.3.37-tuxcare.5" } ] }, { "bom-ref": "urn:uuid:b7b1d5e3-793d-529a-b1ba-1b2cee8f92bb", "id": "CVE-2026-41847", "analysis": { "state": "exploitable", "detail": "Vulnerability CVE-2026-41847 affects version 5.3.37-tuxcare.5 of org.springframework:spring-core." }, "affects": [ { "ref": "pkg:maven/org.springframework/spring-core@5.3.37-tuxcare.5" } ] }, { "bom-ref": "urn:uuid:577654b1-9fba-5ecd-99fc-efb31494f85e", "id": "CVE-2026-41848", "analysis": { "state": "exploitable", "detail": "Vulnerability CVE-2026-41848 affects version 5.3.37-tuxcare.5 of org.springframework:spring-core." }, "affects": [ { "ref": "pkg:maven/org.springframework/spring-core@5.3.37-tuxcare.5" } ] }, { "bom-ref": "urn:uuid:679c66d3-85bc-5809-98bb-86b2c94e0f47", "id": "CVE-2026-41849", "analysis": { "state": "exploitable", "detail": "Vulnerability CVE-2026-41849 affects version 5.3.37-tuxcare.5 of org.springframework:spring-core." }, "affects": [ { "ref": "pkg:maven/org.springframework/spring-core@5.3.37-tuxcare.5" } ] }, { "bom-ref": "urn:uuid:61735cc1-9e41-5119-a8e7-0f2927d199ff", "id": "CVE-2026-41850", "analysis": { "state": "exploitable", "detail": "Vulnerability CVE-2026-41850 affects version 5.3.37-tuxcare.5 of org.springframework:spring-core." }, "affects": [ { "ref": "pkg:maven/org.springframework/spring-core@5.3.37-tuxcare.5" } ] }, { "bom-ref": "urn:uuid:f84af15b-b41b-58bf-9e42-832c82d2eb74", "id": "CVE-2026-41851", "analysis": { "state": "exploitable", "detail": "Vulnerability CVE-2026-41851 affects version 5.3.37-tuxcare.5 of org.springframework:spring-core." }, "affects": [ { "ref": "pkg:maven/org.springframework/spring-core@5.3.37-tuxcare.5" } ] }, { "bom-ref": "urn:uuid:22a6538c-0ca5-55bd-9541-41d49cf9339c", "id": "CVE-2026-41852", "analysis": { "state": "exploitable", "detail": "Vulnerability CVE-2026-41852 affects version 5.3.37-tuxcare.5 of org.springframework:spring-core." }, "affects": [ { "ref": "pkg:maven/org.springframework/spring-core@5.3.37-tuxcare.5" } ] }, { "bom-ref": "urn:uuid:e28c9714-af84-53aa-8871-481ffb488c68", "id": "CVE-2026-41853", "analysis": { "state": "exploitable", "detail": "Vulnerability CVE-2026-41853 affects version 5.3.37-tuxcare.5 of org.springframework:spring-core." }, "affects": [ { "ref": "pkg:maven/org.springframework/spring-core@5.3.37-tuxcare.5" } ] }, { "bom-ref": "urn:uuid:c1cc3775-576a-5fca-af80-573ec4288695", "id": "CVE-2026-41855", "analysis": { "state": "exploitable", "detail": "Vulnerability CVE-2026-41855 affects version 5.3.37-tuxcare.5 of org.springframework:spring-core." }, "affects": [ { "ref": "pkg:maven/org.springframework/spring-core@5.3.37-tuxcare.5" } ] } ], "dependencies": [ { "ref": "pkg:maven/org.springframework/spring-core@5.3.37-tuxcare.5" } ] }